md(4) (swap-base) disks not cleaned on creation
Paul Schenkeveld
freebsd at psconsult.nl
Tue Nov 6 19:59:43 UTC 2012
On Tue, Nov 06, 2012 at 09:27:04PM +0200, Konstantin Belousov wrote:
> On Tue, Nov 06, 2012 at 07:46:58PM +0100, Paul Schenkeveld wrote:
> > Hi,
> >
> > When creating a swap based md(4) it may contain data which to me feels
> > like a security leak:
> >
> > # mdconfig -a -t swap -s 1m
> > md0
> > # hd /dev/md0
> > 00000000 c0 9b a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |?.?......\S.....|
> > 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> > *
> > 00000250 38 9f a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |8.?......\S.....|
> > 00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> > *
> > 00000330 88 a0 a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |.?......\S.....|
> > 00000340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> > *
> > 00000370 e8 a0 a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |??......\S.....|
> > 00000380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> > *
> > 000005b0 48 a4 a8 00 08 00 00 00 00 5c 53 00 08 00 00 00 |H??......\S.....|
> > 000005c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> > *
> > ^C
> > # ls -l /dev/md0
> > crw-r----- 1 root operator 0xc8 Nov 6 19:42 /dev/md0
> > #
> >
> > Although not world-readable, it just doesn't feel right to me.
> >
> > Any thoughts?
>
> It is definitely not a security issue. The md device is not user-accessible,
> as you noted. A filesystem run over the device needs to ensure that user
> processes never get on-disk garbage without first initializing the blocks.
What about this scenario:
- Root uses nanobsd.sh to make an image
- The .conf file has NANO_MD_BACKING="swap" (I believe phk@ was against
this feature but it is in nanobsd.sh now)
- Root places the image on a public FTP site and this way exposes swap
data.
--
Paul Schenkeveld
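An added example for the scenario above (not code from either message, and not part of nanobsd.sh): a POSIX sh helper that zero-fills a freshly attached swap-backed md(4) device before newfs runs on it, and a check that verifies the wipe, so that stale swap pages cannot end up in the unallocated blocks of an image that is later published. The device path `/dev/md0` and the 1 MiB size are assumed values mirroring the `mdconfig -a -t swap -s 1m` in the original report; the demo below runs on a constructed temporary file instead of a real device, so it needs neither root nor an md device.

```shell
#!/bin/sh
# Added example, not from the thread. Wipe a swap-backed md(4) device right
# after mdconfig(8) attaches it and before newfs(8), so no pre-existing swap
# or memory contents survive into an image built on top of it.

# zero_fill PATH SIZE_BYTES: overwrite the first SIZE_BYTES of PATH with zeros.
# SIZE_BYTES is expected to be a multiple of 512 (true for any md(4) device).
# conv=notrunc keeps a regular file at its current size; it has no effect on
# a device node, so the same function serves both.
zero_fill() {
    dd if=/dev/zero of="$1" bs=512 count=$(($2 / 512)) conv=notrunc 2>/dev/null
}

# is_zeroed PATH SIZE_BYTES: exit 0 only if the first SIZE_BYTES of PATH are
# all zero bytes. Reads with dd, strips NUL bytes, and counts what remains;
# $((n + 0)) normalizes the leading spaces some wc(1) implementations print.
is_zeroed() {
    n=$(dd if="$1" bs=512 count=$(($2 / 512)) 2>/dev/null \
        | LC_ALL=C tr -d '\000' | wc -c)
    [ $((n + 0)) -eq 0 ]
}

# demo: exercise both helpers on a constructed 1 MiB stand-in for /dev/md0,
# seeded with non-zero bytes so the wipe has something to remove. Returns 0
# when the file was dirty before the wipe and clean afterwards.
demo() {
    size=$((1024 * 1024))                 # 1m, as in "mdconfig -a -t swap -s 1m"
    tmp=$(mktemp) || return 1
    dd if=/dev/zero bs=512 count=$((size / 512)) 2>/dev/null \
        | LC_ALL=C tr '\000' 'A' > "$tmp"  # constructed stale content
    before=dirty
    is_zeroed "$tmp" "$size" && before=clean
    zero_fill "$tmp" "$size" || { rm -f "$tmp"; return 1; }
    after=dirty
    is_zeroed "$tmp" "$size" && after=clean
    rm -f "$tmp"
    echo "before wipe: $before, after wipe: $after"
    [ "$before" = dirty ] && [ "$after" = clean ]
}

demo
```

On a real system the sequence would be `mdconfig -a -t swap -s 1m`, then `zero_fill /dev/md0 $((1024 * 1024))` (or the byte size reported by `diskinfo /dev/md0`), then `is_zeroed /dev/md0 $((1024 * 1024))` before handing the device to newfs. Note that writing zeros to a swap-backed md commits its full size to swap backing immediately, which is the cost of not leaving stale pages behind.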